XRootD achieves ‘passing’ level of OpenSSF best practices
The Open Source Security Foundation (OpenSSF) Best Practices Badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best practices. The OpenSSF Best Practices Badge website outlines the criteria for the passing badge, and projects voluntarily self-certify by filling in the appropriate form with examples of how they follow each recommended best practice.
XRootD has reached the “passing” level of the OpenSSF best practices. Over the last few years, we have worked on improving the continuous integration system based on GitHub Actions; integrating static analysis, memory checkers, sanitizers, and other tools into the development process; adding documentation about contributing to XRootD; adding a formal security policy; processing reported security vulnerabilities in a timely manner; and publishing security advisories at the end of that process.
The full report for XRootD can be found at https://www.bestpractices.dev/en/projects/?q=xrootd.
We will continue our efforts to improve XRootD so that we can produce higher quality software and, as a result, obtain higher levels of certification in the future.